end point nac
DESCRIPTION
NACTRANSCRIPT
Symantec Endpoint Protection and Symantec Network Access Control June 2007 2
Symantec™ Global Intelligence Network
Hundreds of MSS customersMillions of security alerts per monthMillions of threat reports per month200,000 malware submissions per month
Twyford, England
Munich, Germany
Alexandria, VA
Sydney, Australia
Redwood City, CA
Santa Monica, CA
Calgary, Canada
San Francisco, CA
Dublin, Ireland
Pune, IndiaTaipei, Taiwan
Tokyo, Japan
>6,200 Managed Security Devices + + AdvancedHoneypot Network120 Million Systems Worldwide 30% of World’s email Traffic +
74 Symantec Monitored Countries+4 Symantec SOCs 40,000+ Registered Sensors
in 180+ Countries+ + 8 Symantec Security Response Centers
Symantec Endpoint Protection and Symantec Network Access Control June 2007 3
Threat Landscape Is Evolving
Percentage of Top 50 Malicious Code
Symantec Endpoint Protection and Symantec Network Access Control June 2007 4
Number of Zero Day threats
Threat Landscape is Evolving
Symantec Endpoint Protection and Symantec Network Access Control June 2007 5
Causes of Sensitive Data Loss
0% 10% 20% 30% 40% 50%
ITPolicyCompliance.com“Taking Action to Protect Sensitive Data”, Feb. 2007
User Errors
Violations of Policies
Internet Threats,Attacks and Hacks
Cause of Data Losses by Number of Events
Symantec Endpoint Protection and Symantec Network Access Control June 2007 6
Meet Hal, the IT Administrator
Symantec Endpoint Protection and Symantec Network Access Control June 2007 77
Addressing IT Risks & Enabling IT Performance
MaximizeIT Performance
ManageIT Risk
Information
Interactions
Infrastructure
Symantec Endpoint Protection and Symantec Network Access Control June 2007 8
Symantec Enterprise Solutions:A Powerful Combination of Product & Services
SECURITY IT COMPLIANCE
BUSINESS CONTINUITYSTORAGE IT OPERATIONS
ManageIT Risk
MaximizeIT Performance
INFORMATION MANAGEMENT
Symantec Endpoint Protection and Symantec Network Access Control June 2007 9
Symantec Endpoint Protection in a Nutshell
• The World’s leading anti-virus solution• More consecutive Virus Bulletin certifications (31) than
any vendor
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
• Industry’s best managed desktop firewall• Adaptive policies lead the pack for location awareness• Sygate and Symantec Client Security
• Behavior-based Intrusion prevention (Whole Security)• Network traffic inspection adds vulnerability-based
protection
• Device control to prevent data leakage at the endpoint (Sygate)
• Restricts access to registry, files, folders, and processes
• Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)
• Adds endpoint compliance to endpoint protection
AntiVirus
Antispyware
Firewall
IntrusionPrevention
Device and ApplicationControl
Network AccessControl
Symantec Endpoint Protection and Symantec Network Access Control June 2007 10
Ingredients for Endpoint Protection
AntiVirus
AntiVirus
• World’s leading AV solution• Most (32) consecutive VB100 Awards
Symantec Endpoint Protection and Symantec Network Access Control June 2007 11
Ingredients for Endpoint Protection
AntiVirus
AntiVirus
• AV Comparative Feb 2007• Symantec on 100% detection for polymorphic
viruses in particular
Symantec Endpoint Protection and Symantec Network Access Control June 2007 12
Ingredients for Endpoint Protection
AntiVirus
Antispyware
Antispyware
• Best rootkit detection and removal• Raw Disk Scan for superior Rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Symantec Endpoint Protection and Symantec Network Access Control June 2007 13
Ingredients for Endpoint Protection
AntiVirus
Antispyware
Firewall
Firewall
• Industry leading endpoint firewall technology• Gartner MQ “Leader” – 4 consecutive years• Rules based FW can dynamically adjust port
settings to block threats from spreading
Symantec Endpoint Protection and Symantec Network Access Control June 2007 1414
Ingredients for Endpoint Protection
Antivirus
Antispyware
Firewall
IntrusionPrevention
Intrusion Prevention
• Most Comprehensive IPS capabilities in the industry• Generic Exploit Blocking (GEB) – one
signature to proactively protect against all variants
• Proactive Threat Scan –
Detects 1,000 threats/month not detected by top 4 leading antivirus engines
• Very low false positive rate (0.004%)• Only 40 FP for every 1M computers
• No set up or configuration required
Symantec Endpoint Protection and Symantec Network Access Control June 2007 15
Intrusion Prevention System (IPS)Combined technologies offer best defense
(N)IPSNetwork IPS
(H)IPSHost IPS
Application Control Rules-based(System lockdown by controlling an application’s ability to read, write, execute and network connections)
Proactive Threat ScanBehavior-based(Whole Security)
Deep packet inspectionSignature–based(Can create custom sigs, SNORT-like)
Generic Exploit BlockingVulnerability-based(Sigs for vulnerability)
IntrusionPrevention
(IPS)
=Services Opportunity
Symantec Endpoint Protection and Symantec Network Access Control June 2007 16
Ingredients for Endpoint Protection
AntiVirus
Antispyware
Firewall
IntrusionPrevention
Device Control
Device Control
• Prevents data leakage• Restrict Access to devices (USB keys, Back-
up drives)• W32.SillyFDC (May 2007)
W32.SillyFDC
• targets removable memory sticks
• spreads by copying itself onto removable drives
such as USB memory sticks
• automatically runs when the device is next
connected to a computer
=Services Opportunity
Symantec Endpoint Protection and Symantec Network Access Control June 2007 17
Ingredient for Endpoint Compliance
AntiVirus
Antispyware
Firewall
IntrusionPrevention
Device Control
Network AccessControl
Network Access Control
• Network access control – ready• Agent is included, no extra agent deployment• Simply license SNAC Server
Symantec Endpoint Protection and Symantec Network Access Control June 2007 18
Symantec Network Access Control
1. Reduce IT costs & greater network availability
2. Increased control over unmanaged and managed endpoints
3. Maximize investment of security technologies
Ensures endpoints are protected and compliant prior to accessing network resources
Symantec Endpoint Protection and Symantec Network Access Control June 2007 1919
Introducing: Single Agent, Single Console
Results:
Reduced Cost, Complexity &
Risk Exposure
Increased Protection, Control &
Manageability
Symantec Endpoint Protection 11.0
Symantec Network Access Control 11.0
AntiVirus
Antispyware
Firewall
IntrusionPrevention
Device Control
Network AccessControl
Symantec Endpoint Protection and Symantec Network Access Control June 2007 2020
How do we Lower Cost, Complexity and Risk?• Cost
– Lowered system resource demands, smaller footprint
– Single product, license, support program
– Operational efficiency
• Complexity– Fewer consoles and agents allows
standardization of technologies– Improved UI suits any size organization
• Risk– Includes behavior-based IPS to protect
against unknown attacks– Device control helps protect against
data loss and intellectual property theft Average of 84% reduction in memory usage requirements
Product Baseline Memory Usage
Symantec AntiVirus Corporate Edition 62 MB
Symantec Client Security 129 MB
Symantec AntiVirus + Symantec Sygate Enterprise Protection
72 MB
McAfee Total Protection SMB 71 MB
Trend Micro OfficeScan Client Server 50 MB
Symantec Endpoint Protection 11.0 21 MB!????
Symantec Endpoint Protection and Symantec Network Access Control June 2007 21
Symantec AntiVirus Extended Licensing
Symantec Endpoint
Protection
Symantec Endpoint
Protection Small Business Edition
Symantec Multi-tier
Protection
Antivirus X X X
Antispyware X X X
Desktop Firewall X X X
Intrusion Prevention X X X
Device Control X X X
Mail Security X MS Exchange
X MS Exchange/Domino/SMTP
Gateway
Antivirus for Mac and Linux
X
Symantec Endpoint Protection and Symantec Network Access Control June 2007 22
LAN-802.1x(Appliance)
Endpoint(Uses SEP Desktop
Firewall)
Gateway(Appliance)
DHCP(Appliance/Plug-in)
Client(Persistent)
On-Demand(Dissolvable)
Agentless(Scanner)
Enforcement Type Agent Type
SymantecNetworkAccess Control
v11.0
SymantecNetworkAccess Control
Starter EditionV 11.0
SNAC Packaging
Back to Table
Symantec Endpoint Protection and Symantec Network Access Control June 2007 23
For More Information…www.symantec.com/endpointsecurity
Symantec Endpoint Protection and Symantec Network Access Control June 2007 24
© 2007 Symantec Corporation. All rights reserved.
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You!